Tenet Healthcare lost $100 million in income and mitigation expenses because of a cyberattack and data breach in Q2, 2022. Tenet Healthcare based in Dallas, TX is one of the biggest healthcare companies in the U.S. operating 65 hospitals and over 450 healthcare centers across the United States through its brands and subsidiaries. Last April 2022, Tenet encountered a cyberattack that prompted serious interruption to its IT programs and acute care procedures for a few weeks. The attack compelled the employees to work using pen and paper throughout the recovery phase, and at least one impacted hospital needed to briefly reroute ambulances to other hospitals. The attack likewise interfered with its telephone system, so doctors had to leave the building to make telephone calls. The cyberattack started on April 20, 2022 and impacted at least two hospitals. Tenet didn’t give to the public any details of the attack like whether it involved ransomware.
Based on Tenet’s Q2 2022 revenue report shows that the attack has got a $100 million unfavorable EBITDA (earnings prior to interest, taxes, amortization, and depreciation) effect. Adjusted admissions dropped by 5.3% year-over-year, with total admissions decreasing 8% from Q2 of 2021, and same-hospital net patient service income dropped 0.2% because of the cyberattack. Over the quarter, Tenet had a lower income of 68% in comparison to Q1 of 2021, which dropped to $38 million, and its operating income dropped by 6.4% to $4.6 million for the quarter. The attack was furthermore partially the reason for a 2.8-day growth in its outstanding accounts receivable.
CEO Saum Sutaria of Tenet mentioned that IT systems at the impacted hospitals needed to be completely rebuilt, and although the cyberattack had a considerable business and financial effect, Tenet continued to have a strong quarter. Sutaria stated the company got enough cybersecurity insurance coverage which helped to minimize the overall financial effect of the cyberattack. Its insurance plan covered $5 million in Q2 of 2022. Tenet shouldered a substantial cost because of the attack, however, it is similar to other cyberattacks like the Scripps Health ransomware attack. Five hospitals and 19 outpatient centers were affected, which resulted in $112.7 million in lost income and remediation expenses.
Tenet will additionally need to take care of other costs including the class action lawsuit filed against it in Florida in June. Allegedly, Tenet didn’t use enough security measures to secure against cyberattacks and didn’t give enough notifications to impacted persons. The lawsuit additionally claims that notification letters were not sent to all persons impacted by the data breach.